ttpforge

command module
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2025 License: MIT Imports: 3 Imported by: 0

README

TTPForge

License Tests Coverage Status

TTPForge is a cyber attack simulation platform designed and built by Sam Manzer (@d3sch41n), Alek Straumann (@CrimsonK1ng), and Geoff Pamerleau (@Sy14r), and including subsequent contributions from many good folks in Meta’s Red, Blue, and Purple security teams. Jayson Grace (@l50) migrated the project to GitHub and assisted with preparation for the project’s open source release.

This project promotes a Purple Team approach to cybersecurity with the following goals:

  • To help blue teams accurately measure their detection and response capabilities through high-fidelity simulations of real attacker activity.
  • To help red teams improve the ROI/actionability of their findings by packaging their attacks as automated, repeatable simulations.

TTPForge allows you to automate attacker tactics, techniques, and procedures (TTPs) using a powerful but easy-to-use YAML format. Check out the links below to learn more!

Table of Contents

Installation

  1. Get latest TTPForge release:

    curl \
https://raw.githubusercontent.com/facebookincubator/TTPForge/main/dl-rl.sh \
| bash

    At this point, the latest ttpforge release should be in $HOME/.local/bin/ttpforge and subsequently, the $USER's $PATH.

    If running in a stripped down system, you can add TTPForge to your $PATH with the following command:

    export PATH=$HOME/.local/bin:$PATH

  2. Initialize TTPForge configuration

    This command will place a configuration file at the default location ~/.ttpforge/config.yaml and configure the examples and forgearmory TTP repositories:

    ttpforge init

  3. List available TTP repositories (should show examples and forgearmory)

    ttpforge list repos

    The examples repository contains the TTPForge examples found in this repository. The ForgeArmory repository contains our arsenal of attacker TTPs powered by TTPForge.

  4. List available TTPs that you can run:

    ttpforge list ttps

  5. Examine an example TTP:

    ttpforge show ttp examples//args/basic.yaml

  6. Run the specified example:

    ttpforge run examples//args/basic.yaml \
  --arg str_to_print=hello \
  --arg run_second_step=true

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
args
blocks
checks
fileutils
logging
outputs
platforms
preprocess
repos
testutils

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.